ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

Verifiable Relation Sharing and Multi-verifier Zero-Knowledge in Two Rounds: Trading NIZKs with Honest Majority: (Extended Abstract)

Applebaum, B and Kachlon, E and Patra, A (2022) Verifiable Relation Sharing and Multi-verifier Zero-Knowledge in Two Rounds: Trading NIZKs with Honest Majority: (Extended Abstract). In: 42nd Annual International Cryptology Conference, CRYPTO 2022, 15 - 18 August 2022, Santa Barbara, pp. 33-56.

Full text not available from this repository.
Official URL: https://doi.org/10.1007/978-3-031-15985-5_2


We introduce the problem of Verifiable Relation Sharing (VRS) where a client (prover) wishes to share a vector of secret data items among k servers (the verifiers) while proving in zero-knowledge that the shared data satisfies some properties. This combined task of sharing and proving generalizes notions like verifiable secret sharing and zero-knowledge proofs over secret-shared data. We study VRS from a theoretical perspective and focus on its round complexity. As our main contribution, we show that every efficiently-computable relation can be realized by a VRS with an optimal round complexity of two rounds where the first round is input-independent (offline round). The protocol achieves full UC-security against an active adversary that is allowed to corrupt any t-subset of the parties that may include the client together with some of the verifiers. For a small (logarithmic) number of parties, we achieve an optimal resiliency threshold of t< 0.5 (k+ 1 ), and for a large (polynomial) number of parties, we achieve an almost-optimal resiliency threshold of t< 0.5 (k+ 1 ) (1 - ϵ) for an arbitrarily small constant ϵ> 0. Both protocols can be based on sub-exponentially hard injective one-way functions. If the parties have an access to a collision resistance hash function, we can derive statistical everlasting security, i.e., the protocols are secure against adversaries that are computationally bounded during the protocol execution and become computationally unbounded after the protocol execution. Previous 2-round solutions achieve smaller resiliency thresholds and weaker security notions regardless of the underlying assumptions. As a special case, our protocols give rise to 2-round offline/online constructions of multi-verifier zero-knowledge proofs (MVZK). Such constructions were previously obtained under the same type of assumptions that are needed for NIZK, i.e., public-key assumptions or random-oracle type assumptions (Abe et al., Asiacrypt 2002; Groth and Ostrovsky, Crypto 2007; Boneh et al., Crypto 2019; Yang, and Wang, Eprint 2022). Our work shows, for the first time, that in the presence of an honest majority these assumptions can be replaced with more conservative “Minicrypt”-type assumptions like injective one-way functions and collision-resistance hash functions. Indeed, our MVZK protocols provide a round-efficient substitute for NIZK in settings where honest-majority is present. Additional applications are also presented.

Item Type: Conference Paper
Publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Science and Business Media Deutschland GmbH
Additional Information: The copyright for this article belongs to Springer Science and Business Media Deutschland GmbH.
Keywords: Collision resistance; Extended abstracts; Offline; One-way functions; Protocol execution; Round complexity; Secret data; Shared data; Zero knowledge; Zero-knowledge proofs, Hash functions
Department/Centre: Division of Electrical Sciences > Computer Science & Automation
Date Deposited: 04 Jan 2023 07:28
Last Modified: 04 Jan 2023 07:28
URI: https://eprints.iisc.ac.in/id/eprint/78729

Actions (login required)

View Item View Item